Analyzing the Performance of Machine Learning Algorithms in Anomaly Network Intrusion Detection Systems

With numerous networked devices deployed over the internet and new malicious attacks increasing rapidly, the protection of organizational and personal computer networks has become vital. Network intrusion detection systems (NIDS) are among the best-known and most reputable network security tools. The primary goals of a NIDS are maintaining security, data confidentiality, and data integrity. This paper therefore investigates the application and performance of machine learning algorithms in NIDS. Four algorithms, namely Random Forest, Decision Stump, Naive Bayes, and Stochastic Gradient Descent (SGD), are combined with different feature selection techniques (Correlation Ranking Filter and Gain Ratio Feature Evaluator) to implement NIDS models using the NSL-KDD dataset, which is the new version of KDD-Cup99. A comparative analysis of the performance of these algorithms reveals that Random Forest performs better than the other algorithms in terms of predicted accuracy and detection error.
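The pipeline named in the abstract (rank features by gain ratio, then train a classifier on the selected ones) can be seen at small scale in this added example, which is not code from the paper. It uses pure Python, a decision stump as the classifier, and eight constructed records that borrow three nominal NSL-KDD field names; all function names and the stump's fallback label are assumptions of the example.

```python
import math
from collections import Counter, defaultdict

# Constructed records (not real NSL-KDD rows): three nominal fields + class label.
FEATURES = ["protocol_type", "service", "flag"]
RECORDS = [
    ("tcp", "http", "SF", "normal"), ("tcp", "http", "SF", "normal"),
    ("udp", "domain_u", "SF", "normal"), ("tcp", "smtp", "SF", "normal"),
    ("tcp", "private", "S0", "anomaly"), ("tcp", "private", "S0", "anomaly"),
    ("tcp", "http", "S0", "anomaly"), ("icmp", "ecr_i", "SF", "anomaly"),
]

def entropy(values):
    """Shannon entropy (bits) of a list of nominal values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def info_gain(rows, col):
    """Reduction in class entropy after splitting on column `col`."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[col]].append(r[-1])
    cond = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([r[-1] for r in rows]) - cond

def gain_ratio(rows, col):
    """Information gain normalised by the entropy of the feature itself."""
    split_info = entropy([r[col] for r in rows])
    return info_gain(rows, col) / split_info if split_info else 0.0

def rank_features(rows):
    """Features sorted by gain ratio, best first."""
    scores = {f: gain_ratio(rows, i) for i, f in enumerate(FEATURES)}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def train_stump(rows, col, fallback="anomaly"):
    """One-level tree: majority class per value; unseen values get `fallback`
    (an assumption made here, so unknown values are flagged, not passed)."""
    votes = defaultdict(Counter)
    for r in rows:
        votes[r[col]][r[-1]] += 1
    table = {v: c.most_common(1)[0][0] for v, c in votes.items()}
    return lambda row: table.get(row[col], fallback)

def accuracy(rows, predict):
    return sum(predict(r) == r[-1] for r in rows) / len(rows)

if __name__ == "__main__":
    ranking = rank_features(RECORDS)
    stump = train_stump(RECORDS, FEATURES.index(ranking[0][0]))
    print(ranking, accuracy(RECORDS, stump))
```

On these records raw information gain favours the many-valued `service` field, while gain ratio ranks `flag` first because it penalises features that split the data into many small groups. The accuracy printed is measured on the same eight records the stump was trained on, so it illustrates the mechanics only and says nothing about detection performance.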
